NTP Server is very useful If you have lots of server and desktop system. Your NTP server contacts a central NTP server, provided by your ISP or a public time server located at ntp.org, to obtain accurate time data. The server then allows other machines on your network to request the time data. The server then allows other machines on your network to request the time data.
Consider the following sample setup:
192.168.10.50 ==> CentOS / Fedora / RHEL NTPD Server.
220.127.116.110 ==> ISP remote NTP server.
192.168.10.0/24 ==> NTP clients including desktop systems.
First, install and enable ntpd on 192.168.10.50:
[root@server~]# yum install ntp
[root@server~]# chkconfig ntpd on
Now open /etc/ntp.conf:
[root@server~]# vim /etc/ntp.conf
Make sure the following line exits:
restrict default ignore
Above will deny all access to any machine, server or client. However, you need to specifically authorized policy settings. Set it as follows:
restrict 18.104.22.168 mask 255.255.255.245 nomodify notrap noquery
Replace 22.214.171.124 and mask with actual remote ISP or ntp.org NTP server IP.
Save and close the file.
Configure NTP clients to access your NTP Server
Now, you need to allow legitimate NTP clients to access the Server. For example, allow 192.168.10.0/24 network to synchronize to this server located at 192.168.10.50. Open /etc/ntp.conf and add policy as follows:
# Hosts on local network are less restricted.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
Update your firewall settings, open /etc/sysconfig/iptables.
[root@server~]# vim /etc/sysconfig/iptables
Add the following line, before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state –state NEW -p udp –dport 123 -j ACCEPT
Save and close the file. Finally, start ntpd:
[root@server~]# service ntpd start
[root@server~]# service iptables restart
[root@server~]# netstat -tulpn